The results: Code quality, security, and compliance
“Coverity is a very powerful static analysis tool that can detect issues in almost all kinds of software builds,” Leclercq noted. “For example, cross-compilation—that is, where the build and host machines are not of the same architecture—is used extensively for Thales Space onboard satellite systems. Coverity is very efficient at helping us analyze low-level code such as onboard C code used in flight satellite software.”
“Using Coverity has helped enhance our mandate to ensure code quality and security, as well as to enforce our compliance with SEI-CERT coding standards for C, C++, and Java, and MISRA standards for C. Most importantly, Coverity allows our developers to work on their essential tasks rather than having to allot time to identifying code defects.”
“Being able to detect and manage open source vulnerabilities early in the SDLC helps lower remediation costs,” Leclercq continued. “In addition to vulnerability management, we’ve also found Black Duck very useful in determining the viability of open source projects—that is, ‘is the project we’re using being maintained and updated?’—as well as keeping track of licenses for IP compliance.”
Black Duck SCA has also provided Thales Alenia Space with the means to create and maintain a software Bill of Materials (SBOM) of the open source being used in its code. Visibility into code is an important need—97% of the aerospace industry’s codebases were found to contain open source, according to the 2022 “Open Source Security and Risk Analysis” report.
“We’ve also been very appreciative of the support we’ve received from Synopsys,” said Leclercq. “The ongoing support for Coverity over the past few years has been really good. Whenever we’ve had a problem, the Coverity support team has had a solution.”
“Black Duck SCA is still relatively new to us, and we received a lot of help from the Black Duck support team to address some deployment issues we ran into. I’m happy to say Black Duck is now working like clockwork.”